Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentVulDBVULNRICHMENT:CVE-2024-7659
HistoryAug 11, 2024 - 2:31 a.m.

CVE-2024-7659 projectsend Password Reset Token functions.php generate_random_string random values

2024-08-1102:31:04
CWE-330
VulDB
github.com
3
projectsend
password reset token handler
vulnerability
generate_random_string
functions.php
remote attack
insufficiently random values
upgrading
patch
aa27eb97edc2ff2b203f97e6675d7b5ba0a22a17

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS4

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/SC:N/VI:N/SI:N/VA:N/SA:N

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

41.1%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON

A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generate_random_string of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version r1720 is able to address this issue. The name of the patch is aa27eb97edc2ff2b203f97e6675d7b5ba0a22a17. It is recommended to upgrade the affected component.

CNA Affected

[
  {
    "vendor": "n/a",
    "modules": [
      "Password Reset Token Handler"
    ],
    "product": "projectsend",
    "versions": [
      {
        "status": "affected",
        "version": "r1605"
      }
    ]
  }
]

Related

cve 1
osv 1
cvelist 1
nvd 1
cve
cve
CVE-2024-7659
2024-08-12 13:38:49
osv
osv
CVE-2024-7659
2024-08-12 13:38:49
cvelist
cvelist
CVE-2024-7659 projectsend Password Reset Token functions.php generate_random_string random values
2024-08-11 02:31:04
nvd
nvd
CVE-2024-7659
2024-08-12 13:38:49

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS4

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/SC:N/VI:N/SI:N/VA:N/SA:N

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

41.1%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON
Related for VULNRICHMENT:CVE-2024-7659
cve1osv1cvelist1nvd1